Protect monitoring TG API with internal key
@@ -50,6 +50,7 @@ type config struct {
|
|||||||
LLMTimeout time.Duration
|
LLMTimeout time.Duration
|
||||||
AIServiceURL string
|
AIServiceURL string
|
||||||
AIServiceToken string
|
AIServiceToken string
|
||||||
|
InternalAPIKey string
|
||||||
MinioEndpoint string
|
MinioEndpoint string
|
||||||
MinioAccessKey string
|
MinioAccessKey string
|
||||||
MinioSecretKey string
|
MinioSecretKey string
|
||||||
@@ -191,6 +192,9 @@ func (a *app) serveHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
writeError(w, http.StatusNotFound, "not found")
|
writeError(w, http.StatusNotFound, "not found")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if !a.checkInternalAuth(w, r) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
ctx := r.Context()
|
ctx := r.Context()
|
||||||
switch {
|
switch {
|
||||||
@@ -227,6 +231,18 @@ func (a *app) serveHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (a *app) checkInternalAuth(w http.ResponseWriter, r *http.Request) bool {
|
||||||
|
want := strings.TrimSpace(a.cfg.InternalAPIKey)
|
||||||
|
if want == "" {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
if r.Header.Get("X-Internal-Key") != want {
|
||||||
|
writeError(w, http.StatusUnauthorized, "unauthorized")
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
func (a *app) apiPath(path string) string {
|
func (a *app) apiPath(path string) string {
|
||||||
base := strings.TrimRight(a.cfg.PublicBasePath, "/")
|
base := strings.TrimRight(a.cfg.PublicBasePath, "/")
|
||||||
if base != "" && strings.HasPrefix(path, base+"/") {
|
if base != "" && strings.HasPrefix(path, base+"/") {
|
||||||
@@ -1873,6 +1889,7 @@ func loadConfig() config {
|
|||||||
LLMTimeout: time.Duration(envInt("LLM_TIMEOUT_SECONDS", 120)) * time.Second,
|
LLMTimeout: time.Duration(envInt("LLM_TIMEOUT_SECONDS", 120)) * time.Second,
|
||||||
AIServiceURL: env("AI_SERVICE_URL", ""),
|
AIServiceURL: env("AI_SERVICE_URL", ""),
|
||||||
AIServiceToken: env("AI_SERVICE_TOKEN", ""),
|
AIServiceToken: env("AI_SERVICE_TOKEN", ""),
|
||||||
|
InternalAPIKey: env("INTERNAL_API_KEY", env("PORTAL_INTERNAL_API_KEY", "")),
|
||||||
MinioEndpoint: env("MINIO_ENDPOINT", ""),
|
MinioEndpoint: env("MINIO_ENDPOINT", ""),
|
||||||
MinioAccessKey: env("MINIO_ACCESS_KEY", ""),
|
MinioAccessKey: env("MINIO_ACCESS_KEY", ""),
|
||||||
MinioSecretKey: env("MINIO_SECRET_KEY", ""),
|
MinioSecretKey: env("MINIO_SECRET_KEY", ""),
|
||||||
|
|||||||
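Review bot: `checkInternalAuth` fails open: when `InternalAPIKey` is empty after trimming it returns true, so a deployment where neither `INTERNAL_API_KEY` nor `PORTAL_INTERNAL_API_KEY` is set passes every request through this check, and nothing signals that state. If an unauthenticated mode is intended for local use, state it in a doc comment such as `// checkInternalAuth allows all requests when no internal key is configured.` and log it once at startup; otherwise reject in that branch, for example with a 503. The header comparison uses `!=`, which is not constant-time; `if subtle.ConstantTimeCompare([]byte(r.Header.Get("X-Internal-Key")), []byte(want)) != 1 {` removes the timing signal on the key and needs `crypto/subtle` in the import block, which is outside the visible hunks. The call in `serveHTTP` sits before the route `switch`, so any health or readiness route dispatched there would presumably need the header as well, which is worth confirming against the probes.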
@@ -10,6 +10,7 @@ stringData:
|
|||||||
TG_PHONE: "+971524994695"
|
TG_PHONE: "+971524994695"
|
||||||
TG_SESSION_STRING: ""
|
TG_SESSION_STRING: ""
|
||||||
POSTGRES_PASSWORD: "parser"
|
POSTGRES_PASSWORD: "parser"
|
||||||
|
INTERNAL_API_KEY: "36fe89ed40c01fdc54d3cf4e3fcacc8751dc456a4a1acd394e9fed48257c5734"
|
||||||
AI_SERVICE_TOKEN: "d18bcacf9e02bae1806ee6b6eeda62b95be6a915c0a22936d9a700128b275442"
|
AI_SERVICE_TOKEN: "d18bcacf9e02bae1806ee6b6eeda62b95be6a915c0a22936d9a700128b275442"
|
||||||
MINIO_ACCESS_KEY: "admjn"
|
MINIO_ACCESS_KEY: "admjn"
|
||||||
MINIO_SECRET_KEY: "TropicalMacaw9Fantasize"
|
MINIO_SECRET_KEY: "TropicalMacaw9Fantasize"
|
||||||
|
|||||||
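Review bot: The added `INTERNAL_API_KEY` entry commits the key value in plaintext to a tracked manifest, in the same `stringData` block as other literal credentials. Anyone with read access to the repository or its history can send a valid `X-Internal-Key` header, so the value should be treated as exposed and rotated. Keep the real value out of the file and supply it at deploy time from an encrypted or external secret source. Do not replace it with an empty string here, because `checkInternalAuth` in the same commit treats an empty key as "no check".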